[2/2] sepolgen: Support latest refpolicy interfaces

Message ID	1452943989-11913-2-git-send-email-nicolas.iooss@m4x.org (mailing list archive)
State	Accepted
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> From: Nicolas Iooss <nicolas.iooss@m4x.org> To: selinux@tycho.nsa.gov Subject: [PATCH 2/2] sepolgen: Support latest refpolicy interfaces Date: Sat, 16 Jan 2016 12:33:09 +0100 Message-Id: <1452943989-11913-2-git-send-email-nicolas.iooss@m4x.org> In-Reply-To: <1452943989-11913-1-git-send-email-nicolas.iooss@m4x.org> References: <1452943989-11913-1-git-send-email-nicolas.iooss@m4x.org> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

1452943989-11913-2-git-send-email-nicolas.iooss@m4x.org (mailing list archive)

State

Accepted

Headers

From: Nicolas Iooss <nicolas.iooss@m4x.org>
To: selinux@tycho.nsa.gov
Subject: [PATCH 2/2] sepolgen: Support latest refpolicy interfaces
Date: Sat, 16 Jan 2016 12:33:09 +0100
Message-Id: <1452943989-11913-2-git-send-email-nicolas.iooss@m4x.org>
In-Reply-To: <1452943989-11913-1-git-send-email-nicolas.iooss@m4x.org>
References: <1452943989-11913-1-git-send-email-nicolas.iooss@m4x.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Commit Message

Nicolas Iooss Jan. 16, 2016, 11:33 a.m. UTC

Some refpolicy interfaces use:

* "$" character in paths, for example in kernel/selinux.if:

    genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)

* empty members in ifelse statement, for example in system/init.if:

    ifelse(`$5',`',`',`
        ...
    ')

Modify sepolgen/refparser grammar accordingly.

This fixes the following syntax errors reported by sepolgen-ifgen:

    /usr/share/selinux/refpolicy/include/kernel/selinux.if: Syntax error
    on line 43 gen_context [type=GEN_CONTEXT]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1416 ' [type=SQUOTE]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1422 ' [type=SQUOTE]

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 sepolgen/src/sepolgen/refparser.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 3132c6fe7109..9b1d0c8f458d 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -219,7 +219,7 @@  t_BAR       = r'\|'
 t_EXPL      = r'\!'
 t_EQUAL     = r'\='
 t_NUMBER    = r'[0-9\.]+'
-t_PATH      = r'/[a-zA-Z0-9)_\.\*/]*'
+t_PATH      = r'/[a-zA-Z0-9)_\.\*/\$]*'
 #t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*'
 
 # Ignore whitespace - this is a special token for ply that more efficiently
@@ -417,6 +417,7 @@  def p_tunable_policy(p):
 def p_ifelse(p):
     '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
               | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+              | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
     '''
 #    x = refpolicy.IfDef(p[4])
 #    v = True

[2/2] sepolgen: Support latest refpolicy interfaces

Commit Message

Patch